350 likes | 368 Views
Learn how to enforce data privacy and security policies in your educational organization, while managing data distribution challenges and complying with data privacy regulations. Discover how CPSI's OneUser Data Privacy solution provides a functional approach to data management, including a single data layer and a web-based OnBoarder tool for app registration and data control.
E N D
IMPLEMENTING DATA PRIVACY AND DATA SECURITY FOR YOUR EDUCATIONAL ORGANIZATION WITH CPSI, LTD. Learn how you can take the first steps to enforce data privacy and security policies that will grow with your educational organization.
The challenge for educational organizations is to limit the data consumed by third party systems and different user groups within the organization while enforcing data privacy and security rules and regulations. THECHALLENGE
Student data is required for a growing number of cloud hosted web-based apps across the K-12 world. This has cause new challenges and the needs of educational organizations are changing. New Data Privacy and Security Rules Data privacy and security rules surround apps and the data sent over the web are exhaustive and time consuming to manage. DATA DISTRIBUTIONISSUES FACED BY EDUCATIONAL ORGANIZATIONS Data Synchronization Issues Keeping the data synchronized between the source systems, such as the SIS and HR system, while managing security is nearly impossible without software in the middle. Expanding Costs and Time Requirements The number of hours spent by educational organization staff to manage the data by hand adds up. This is cost prohibitive for educational organizations. The Challenge Control of the Data Controlling where and what data fields and records are interchanged is done by manually – typically via data extractions from multiple backend data sources. Security Rules are Left to Interpretation The actual implementation of the data privacy and security rules is left to interpretation by data managers at the individual educational organizations.
DATA DISTRIBUTION ISSUES FACED BY EDUCATIONAL ORGANIZATIONS THE CHALLENGE Respond to Single School or Teachers Needs Often times in districts, a single school or teacher require the use of specific apps that are not used district-wide. Educational organizations need the ability to manage data being sent to these apps. PII Data Management Issues Personally Identifiable Information (PII) enforcement is not managed or controlled because there is no good way to control it. E-Mail Aliases are Needed In order to fully isolate PII data about students there is often a need to use an e-mail alias. This is most often times needed when a teacher is manually registering students into apps that do not require district approval or because the district does not have the capability to respond in a timely manner to the teacher. Data Encryption Issues PII data encryption enforcement needs to happen at rest and in motion, but this is hard to enforce so it is often times neglected. Limiting Data Is Hard Limiting the data set sent outside of the district to the specific classes or students that are needed is difficult to do. Controlling Data Based on Age In many states, data for students who are 13 years old and younger is a legal requirement. Controlling the data based on age is difficult to do. Parents and Guardians Need a Way To Opt-Out Educational organizations need a way to provide parents with the ability to opt-out of sending their child’s information to apps used in their district or school.
CPSI has developed a new solution that allows educational organizations to technically implement their data privacy policies. With this new solution, educational organizations can finally take control of data movement – both inside and outside of the organization – while keeping a trail of who has what for auditing purposes. It is called OneUser Data Privacy. OneUser Data Privacy has the following components: Does a functional solution for data privacy and security management exist? A Single Data Layer The OneUser Data Privacy tools come with a single data layer that enforces the defined security rules – regardless of the method of data communication. For data distribution both internally and externally to the educational organization, the he data layer supports SFTP, FTPS, Open REST APIs, SIF xPress APIs, SIF 2.x, SIF 3.x, Ed-Fi API, direct SQL access to views, and file based extractions via web pages. • OneUser OnBoarder • The OneUser OnBoarder provides a web-based interface for educational organizations to request apps to be used that require data from the educational organization. OneUser OnBoarder manages the workflow from registration of the app vendors to the Data Privacy Contract to the data elements required for the approval process. Additionally, OneUser OnBoarder also manages: • The definition of the data that is sent to the app vendor • Assign schools and rosters to apps to ensure that only the data needed is sent • Parents and guardians can opt-out of apps via OneUser OnBoarder so that their childs data is not sent to apps. Once the opt-out is approved by the educational organization, the data for that student is not sent to the app. If the data had already been sent to the app, a delete request is sent automatically to the app vendor. The OneUser notification system notifies users of the events.
The OneUser Data Privacy Management System OneUser DPMS is a tool for educational organizations to implement and enforce data privacy policies as per the legal and ethical requirements for safeguarding student and staff data. Protect Students and Staff from Harm The purpose of OneUser DPMS is to protect students and staff from harm while providing peace of mind for districts and educational organizations. THE ONEUSER DATA PRIVACY MANAGEMENT SYTEM(ONEUSER DPMS) Improve Efficiency with Automation OneUser DPMS improves the efficiency of the educational organization operations team with regards to data collection, the usage of data, and how data is distributed. Advanced Privacy and Security Controls OneUser DPMS provides a secure data layer with advanced privacy and security controls that enable the educational organization to easily manage state, federal, and district level data policies. Control and Secure Data Implement and manage data privacy policies and the start of the educational organizations data governance activities. Educational organizations gain the ability to control, secure, and implement data privacy policies used by all of the app and systems, including third party apps. District Administrators Have Control District administrators can authorize individuals, such as teachers and parents or guardians, to control the access to student data.
FEATURES OF ONEUSER DPMS • Data Security Features • Advanced data encryption of all Personally Identifiable Information (PII) data at rest and in motion • Encryption keys for data at rest are different than encryption keys for data in motion to third party released keys • Data object, record, and field level security control • Advanced security controls on data sets, i.e. limiting the data to a single class. • Ability to identify how and where PII data is stored and used.(Hybrid Systems) • Parent and Guardian Features • Notification to parents and guardians of new app contracts before or after a configurable number of days of first use • Identification of data that is sent to each app • Allow parents or guardians to opt-out and refuse their child’s data to go to a particular app • Posting of any app vendors that use student personal information • Teacher Features • Online access for teachers to screen an app to see if it is already approved or denied for use • Teachers have the ability to request that an app be approved for use by their class students only • Teachers have the ability to create a list of app vendors they use for their own students that use student personal information • Notification of an app vendor and/or application’s approval or denial by district staff • Data Privacy Management Features • Entity registration • Application registration per entity • Data distribution and security by application and data privacy contracts to send to entities • Approve or deny entity and application for use by teachers and staff • Manage the life cycle of the entity and applications within the district • Automate the exclusion of students by age with automated notification of parents and guardians to authorize the student data for use • Notification Features • Delivery and notification of the District Privacy Agreement to the app vendor/entity • Delivery of the district’s available data set to the web service vendor/entity so that the entity can identify the required data fields • Notifications to the district data staff upon completion of the entity’s agreements • Notifications to the teachers/staff upon approval or denial of the entity/application • Notifications to the 3rd party app vendor/entity of approval or denial to data access • Administrator Features • Customize the Privacy Contract between the vendor and the district • Customize the email that is sent to the entity, teachers, and parents • Approve or deny the entity/application for use by district staff
EMAIL NOTIFICATIONSREGISTRATION OF ENTITY Dear Ron Software,You have been registered as a Data Consumer with the Grand Bend ISDS. Please follow the directions below to complete the approval process for gaining access to the data required for your applications.The current registered Applications are:fun Registered on 2/28/20171. Please review the attached "Student Data Privacy Agreement". This agreement outlines the standard privacy rules that the district requires with all vendors prior to distributing data.2. In order to receive data from the district, you must agree to our Data Privacy rules. The attached document must be signed by the appropriate person at your organization and returned to the district prior to receiving data.3. Review the data element list in the document. Mark the elements that you require in order to successfully populate the data in your application/applications. These are the data elements that you will be subscribing to from the district/Schools.4. The documents can be electronically signed and marked. You may electronically sign the document or you can hand-sign the document and scan it. Once completed, please email the document to aelia@cpsilitd.com.5. Once the completed documents are received, A district technical administrator will contact you to confirm the data connection and password.Thank you for your prompt attention to this email. If you have any questions, you can email them to aelia@cpsiltd.com or call 618-281-8898 ext 221.Regards,Data Management and Security Department
DOCUMENTS SENT FOR ENTITY REGISTRATIONDATA PRIVACY CONTRACT DOCUMENT
DOCUMENTS SENT FOR ENTITY REGISTRATIONDATA OBJECT AND ELEMENT REQUIREMENTS - 1
DOCUMENTS SENT FOR ENTITY REGISTRATIONDATA OBJECT AND ELEMENT REQUIREMENTS - 2
DOCUMENTS SENT FOR ENTITY REGISTRATIONDATA OBJECT AND ELEMENT REQUIREMENTS - 3
EMAIL NOTIFICATIONSNOTIFICATION TO DISTRICT PERSONNEL Data Security and Provisioning Team:A request for data access has been submitted for approval for the Entity called Ron Software. Prior to approval, please follow the process detailed below in order to meet the District Data Security Policy.The Ron Software Application list for approval is:fun Registered on 2/28/20171. Please review the request. If there are questions for Ron Software, please contact Ron Software for clarifications. Ron Software contact information is found at the following link: https://us.cpsidatahub.com/onboarding/AStartUp.aspx?P1=33FBEEB43800686C2. Ensure that Ron Software has returned a signed copy of the 'District Data Privacy Policy' that was automatically emailed to them during the registration process. Ron Software was provided the proper return email address for the documents. If the document has not been returned within 10 days, please contact Ron Software about signing the document. Ron Software cannot be approved until the document is signed and returned to the District.3. Review the information sent by Ron Software that details the "Data Elements Required" and the Connection Method Supported. This document was emailed to them during the registration process and needs to be completed and returned to the District before the Entity is approved.4. Go to the https://us.cpsidatahub.com/onboarding/AStartUp.aspx?P1=33FBEEB43800686C and complete the Connection Information and Data Element Approval sections. All Passwords must be verbally received, no Passwords are to be emailed.6. Once the above items are completed, the Entity is approved.7. The Data connection can now be configured and data can flow to the Entity as required.
EMAIL NOTIFICATIONSAFTER APPROVAL OF APP VENDOR Dear Ron Software,Your registration has been approved as a Data Consumer with Grand Bend ISDS. Below is a list of your current approved Applications:fun Approved on 2/28/20171. A district technical administrator will contact you to confirm the data connection and exchange passwords if needed.2. All passwords are to be provided by direct phone contact. No passwords are to be included in any emails.Thank you for your prompt attention to this email. If you have any questions, you can email them to aelia@cpsiltd.com or call 618-281-8898 ext 221.Regards,Data Management and Security Department.
EMAIL NOTIFICATIONSINFORM DATA REQUESTOR Dear Data Requester,The registration of Ron Software has been approved by the Data Management and Security Department.The applications approved are:fun Approved on 2/28/2017Once the data connection is established and tested you will be notified that the data exchange process is complete.If you have any questions, you can email them to aelia@cpsiltd.com or call 618-281-8898 ext 221.Thank you.Regards,
EMAIL NOTIFICATIONSPARENT OR GUARDIAN NOTIFICATION Dear Parent or Guardian, The District has approved “Vendor Name” and “Application Name” for use within the district. Your child’s required data will be shared with this vendor in order that your child use the application as part of his/her classes. The District has taken all efforts to ensure that your child’s data is safeguarded when using this application. Please read the summary of the contract that the district has with the vendor. In it, you will find the date the contract was executed, a brief description of the contract and its purpose within the district, and what student data, records, or student-generated content may be collected as a result of the contract. You can also read the notice on the districts web site at http://www.myDistrictPrivacy.edu. [More Wording……………..] Please click on this https://www.myDistrictPrivacy.edu/DenyAccess?token=uZVTLBCWcw33RIhvnbxTKxTxM2rKJ7YJrwyUXhXn link if you do not want your child’s data to be sent to this application. Please note that by denying data to the application, your child will not be able to utilize the application. Regards, District IT Staff
EMAIL NOTIFICATIONSOPT-OUT DELETE REQUEST BY PARENT/GUARDIAN Request For Data Deletion from Grand Bend ISD:This is a request for full and permanent Data Removal and Deletion of the record/records that belong to the user with the following ID: 12345 The Application/Applications Impacted by the Deletion is/are:1- “fun” Registered on 2/28/2017Based on the "Student Data Privacy Agreement“ between Grand Bend ISD and Ron Software all requests for Data Deletion must be completed within 15 days of receipt of this email. A Delete event via the data connector for the “fun” application for the user with ID = 12345 has been sent.Please click on this link to acknowledge that you have deleted the records for the user with ID = 12345 https://www.myDistrictPrivacy.edu/Deleted?token=uZVTLBCWcw33RhifrMScIhvnbxTKxTxM2rKJ7YyUXhXn Thank you for your prompt attention to this email. If you have any questions, you can email them to aelia@cpsiltd.com or call 618-281-8898 ext 221.Regards, Data Management and Security Department
EVALUATING AN APPVENDOR • Evaluate the terms and conditions of educational web sites with respect to student privacy. Specifically, this is to evaluate if the service provider implements and maintains security procedures and practices that meet or exceed industry standards and that are designed to protect student information, records, and student-generated content from unauthorized access, destruction, use, modification, or disclosure. • Determine if the service provider deletes student information, student records, or student generated content within a reasonable amount of time if a student, parent, or legal guardian of a student or local or regional board of education who has the right to control such student information requests the deletion of such student information, student records, or student-generated content. • Determine if the service provider uses student data for non-school purposes, such as: engaging in targeted advertising; collecting, storing, and using data and content or persistent unique identifiers for purposes other than education; selling, renting, or trading student data and content except as part of a merger, sale, or acquisition of the service provider’s business; and disclosing student data and content unless the disclosure is made for educational purposes, to ensure compliance with the law, in response to a judicial order, to protect the safety or integrity of users, to an entity hired by the operator to provide services for the operator’s site, or for a school or other purpose requested by a student, parent, or guardian of a student.
METHODS OF DATA COLLECTION SFTP FTPS File Uploads SIF 2.x SIF3.x xPress API Direct DB Retrieval Direct Document Retrieval
METHODS OF DATA DISTRIBUTION SFTP FTPS File Downloads SIF 2.x SIF3.x xPress API xDListener Automated Remote Downloader
Connectors - SIS • SchoolMaster • SchoolMax • SchoolTool • SIS Liberty • SIRS • Skyward • SME • Specialized Data Systems • Sungard K-12 • Synergy • TIES SIS • TenexStudentSphere • xSphere • TERMS • Timanagos SIS • Trillium • Tyler SIS • WebSmart • ADM2000 • Chalkable • Chancery SMS • ClassMate • CIMS • eSchoolData • eSIS • Focus SIS • Follett Aspen • Genesis SIS • Go.edustar • Illuminate • iPass • JPAMS • Lumen AXSIS • PowerSchool • ProSoft • SASIxp • SchoolInsight • SchoolLogic
Connectors – HR and Finance • Munis • NextGen • Oracle HR • PeopleSoft HR/HCM • SAP • sds • SmartFusion • Sungard K-12 Financial and HR • TenexaccuSphere • Ultimate Software • TERMS 20-20 • Wen-GAGE • WinCap • AAWeb • ADM • ADP Payroll • Alio HR • Apta Fund • Attendance on Demand • Ceridian • DataTeam • Infinite Visions • Io operations • Io talent • Kronosi • Munis • NextGen
Connectors – APPS • Assessment, Analytics, Benchmarking, and Reporting • AIMS • BaselineEdge • DataMate • FastBridge • Galileo • Guide K-12 • Illuminate Data and Assessment • Io assessment • Io insights • SafeSchoolsNY • Bus and Transportation • EduLog • Transfinder • Versatrans • Digital Textbooks • Houghton Mifflin Harcourt • McGraw Hill • TIPWeb IM • Email • Google Apps/G Suite • Office 365 • MS Exchange • Instructional Support • Accelerated Math • Accelerated Reader 360 • Blackboard Connect • Castle Learning Online • Curriculum Developer • EduTube • English in a Flash • Google Classroom • Io classroom • MathFacts in a Flash • RenLearn RDI • RenPlace • Star360 • TeacherEase
Connectors – APPS • Learning Management Systems • Blackboard • eBackPack • Io plans • Moodle • Schoology • ThinkCentral • Destiny • Notification Services • Blackboard Connect • EZSchoolMsg • iAutoAlert • SchoolMessenger • Nutrition Systems • eSchoolPayments • eTrition • EZMealApp • EZSchoolPay • Horizon OneSource • Horizon Solana • MealTracker • NutriKids • PrimeroEdge • WebSMARTT • Portal and SSO • Clever • PupilPath • SharePoint • Website and Online Communication • EduForm • Gaggle • Remind 101 • Survate • Other Apps • AIM • Casenex PD • Illuminate Special Education • Pals • StarTrac • TipWeb IT
Connecting with Other Standards • Supported Platforms and Data Standards • OneRoster by IMS Global • SIF 2.X • SIF 3.X • xPress • CEDS • Ed-Fi • All SIF Agents
Full xPress API with Advanced Features
Search Path Grids xCalendars Search Paths {{URL}}/requestsConnector/xCalendars?where=[sessions/sessionList/sessionType='1' and sessions/sessionList/sessionCode='Traditional'] xContacts Search Paths
THANK YOU FOR ATTENDING For More Information, Please contact MICHELLE@CPSILTD.COM 800-659-8240 www.cpsiltd.com